settings: Add Xwayland byte-swapped clients

Recent versions of Xwayland can allow or disallow X11 clients of a
different endianness to connect.

Add a setting to configure this feature from mutter, which spawns
Xwayland.

Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2785>
Olivier Fourdan 2023-01-09 15:35:52 +01:00
parent 9e0b5b1886
commit 5be6e7b18e
3 changed files with 49 additions and 0 deletions


@ -125,6 +125,30 @@
</description>
</key>
<key name="xwayland-allow-byte-swapped-clients" type="b">
<default>false</default>
<summary>Allow X11 clients with a different endianess to connect to Xwayland</summary>
<description>
Allow connections from clients with an endianess different to that
of Xwayland.
The X server byte-swapping code is a huge attack surface, much of
that code in Xwayland is prone to security issues.
The use-case of byte-swapped clients is very niche, and disabled by
default in Xwayland.
Enable this option to instruct Xwayland to accept connections from
X11 clients with a different endianess.
This option has no effect if Xwayland does not support the command
line option +byteswappedclients/-byteswappedclients to control that
setting.
Xwayland needs to be restarted for this setting to take effect.
</description>
</key>
</schema>
</schemalist>
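Review bot: The `<summary>` and `<description>` of the new key spell the word as "endianess" in three places; these strings are user-visible in settings tools, so they should read "endianness". The sentence "The X server byte-swapping code is a huge attack surface, much of that code in Xwayland is prone to security issues." is also a comma splice and reads better split in two: `... is a huge attack surface. Much of that code in Xwayland is prone to security issues.`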


@ -77,6 +77,8 @@ gboolean meta_settings_are_xwayland_grabs_allowed (MetaSettings *settings);
int meta_settings_get_xwayland_disable_extensions (MetaSettings *settings);
gboolean meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings);
gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings);
void meta_settings_set_privacy_screen_enabled (MetaSettings *settings,


@ -74,6 +74,9 @@ struct _MetaSettings
/* A bitmask of MetaXwaylandExtension enum */
int xwayland_disable_extensions;
/* Whether Xwayland should allow X11 clients from different endianess */
gboolean xwayland_allow_byte_swapped_clients;
};
G_DEFINE_TYPE (MetaSettings, meta_settings, G_TYPE_OBJECT)
@ -428,6 +431,15 @@ update_privacy_settings (MetaSettings *settings)
settings);
}
static void
update_xwayland_allow_byte_swapped_clients (MetaSettings *settings)
{
settings->xwayland_allow_byte_swapped_clients =
g_settings_get_flags (settings->wayland_settings,
"xwayland-allow-byte-swapped-clients");
}
static void
wayland_settings_changed (GSettings *wayland_settings,
gchar *key,
@ -446,6 +458,10 @@ wayland_settings_changed (GSettings *wayland_settings,
{
update_xwayland_disable_extensions (settings);
}
else if (g_str_equal (key, "xwayland-allow-byte-swapped-clients"))
{
update_xwayland_allow_byte_swapped_clients (settings);
}
}
void
@ -469,6 +485,13 @@ meta_settings_get_xwayland_disable_extensions (MetaSettings *settings)
return (settings->xwayland_disable_extensions);
}
gboolean
meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings)
{
return settings->xwayland_allow_byte_swapped_clients;
}
gboolean
meta_settings_is_privacy_screen_enabled (MetaSettings *settings)
{
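Review bot: In update_xwayland_allow_byte_swapped_clients the key is read with g_settings_get_flags(), but the schema in this commit declares `xwayland-allow-byte-swapped-clients` as `type="b"`; GLib documents calling the flags getter on a key that is not of a flags type as a programmer error. The cached field is therefore not the stored boolean, and if the error path returns a non-zero value (as I believe it does) meta_settings_are_xwayland_byte_swapped_clients_allowed() would report TRUE even with the default `false`, which is the fail-open direction for code the schema text itself calls a huge attack surface. Read it with `g_settings_get_boolean (settings->wayland_settings, "xwayland-allow-byte-swapped-clients");` instead. Separately, none of the visible hunks calls the new update function when MetaSettings is set up, so unless that happens outside this diff the cached value only changes after a "changed" signal for the key.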